BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Pall Mall Process Progresses but Leads to More Questions
/in General NewsNations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.
darkreading – Read More
SaaS Security Essentials: Reducing Risks in Cloud Applications
/in General NewsAs organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Paper Werewolf Threat Actor Targets Flash Drives With New Malware
/in General NewsThe threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.
darkreading – Read More
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
/in General NewsRussian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
/in General NewsThe most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.
darkreading – Read More
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
/in General NewsFortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The Hacker News – Read More
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
/in General NewsThe CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
SecurityWeek – Read More
Using Third-Party ID Providers Without Losing Zero Trust
/in General NewsWith $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating.
darkreading – Read More
Lab provider for Planned Parenthood discloses breach affecting 1.6 million people
/in General NewsThe breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.
The Record from Recorded Future News – Read More
Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches
/in General NewsDo passcodes really protect you more from warrantless phone searches than biometrics? It’s complicated.
Latest stories for ZDNET in Security – Read More